From 821e220116ffdbf143ded2c730408963634f9e00 Mon Sep 17 00:00:00 2001
From: Alex Snaps <alex@wcgw.dev>
Date: Tue, 29 Oct 2024 12:05:55 -0400
Subject: [PATCH] CEL

Signed-off-by: Alex Snaps <alex@wcgw.dev>
---
 controllers/auth_config_controller.go | 4 ++--
 pkg/expressions/cel/expressions.go    | 1 +
 tests/v1beta3/authconfig.yaml         | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/controllers/auth_config_controller.go b/controllers/auth_config_controller.go
index 394aa575..a646598c 100644
--- a/controllers/auth_config_controller.go
+++ b/controllers/auth_config_controller.go
@@ -678,7 +678,7 @@ func valueFrom(user *api.ValueOrSelector) (expressions.Value, error) {
 	var strValue expressions.Value
 	var err error
 	if user.Expression != "" {
-		if strValue, err = cel.NewExpression(string(user.Expression)); err != nil {
+		if strValue, err = cel.NewStringExpression(string(user.Expression)); err != nil {
 			return nil, err
 		}
 	} else {
@@ -1128,7 +1128,7 @@ func getJsonFromStaticDynamic(value *api.ValueOrSelector) (expressions.Value, er
 	}
 	expression := string(value.Expression)
 	if expression != "" {
-		return cel.NewExpression(expression)
+		return cel.NewStringExpression(expression)
 	}
 
 	return &json.JSONValue{
diff --git a/pkg/expressions/cel/expressions.go b/pkg/expressions/cel/expressions.go
index 18ba5728..96b14a1e 100644
--- a/pkg/expressions/cel/expressions.go
+++ b/pkg/expressions/cel/expressions.go
@@ -108,6 +108,7 @@ func (e *Expression) Evaluate(json string) (ref.Val, *cel.EvalDetails, error) {
 }
 
 func (e *Expression) EvaluateStringValue(json string) (string, error) {
+	fmt.Printf("   ====>>>  data: %s\n", json)
 	if result, _, err := e.Evaluate(json); err != nil {
 		return "", err
 	} else if !reflect.DeepEqual(result.Type(), cel.StringType) {
diff --git a/tests/v1beta3/authconfig.yaml b/tests/v1beta3/authconfig.yaml
index 509b93fe..b4d86c14 100644
--- a/tests/v1beta3/authconfig.yaml
+++ b/tests/v1beta3/authconfig.yaml
@@ -37,7 +37,7 @@ spec:
         jwt-rbac:
           value: true
         roles:
-          expression: auth.identity.realm_access.roles
+          expression: "has(auth.identity.realm_access) ? auth.identity.realm_access.roles : []"
         username:
           expression: "has(auth.identity.preferred_username) ? auth.identity.preferred_username : 'unknown'"
     oauth2-introspection:
@@ -53,7 +53,7 @@ spec:
         jwt-rbac:
           value: true
         roles:
-          expression: auth.identity.realm_access.roles
+          expression: "has(auth.identity.realm_access) ? auth.identity.realm_access.roles : []"
         username:
           expression: "has(auth.identity.preferred_username) ? auth.identity.preferred_username : 'unknown'"
       cache: